
Security Vulnerability Found in IIT – JEE Advance Portal

JEE Mains results came out just a few days ago, and all the JEE Advance eligible candidates started filling out registration forms, but no one tried to look for the security vulnerability present in the portal.

Hi, I am Chirag Sukhla, a cyber security enthusiast and JEE aspirant. While I was about to log in to the JEE portal, I started scratching that part of my brain which forced me to look at the source code and find the captcha bypass vulnerability present in the portal.

A P.O.C. (proof of concept) video and steps are attached below.

JEEAdv Portal with Captcha

JEE Advance portal source code, highlighting captcha image

You can clearly see in the above image that the captcha value is present as text in the URL query.
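The leak described above next to a server-side design that avoids it, as an added example that is not the portal's code. The URL path, the `text` and `id` parameter names, the in-memory store and the 120-second lifetime are all assumptions made for illustration.

```python
import hmac
import secrets
import time
from urllib.parse import urlencode

CAPTCHA_TTL = 120   # seconds; assumed challenge lifetime
_store = {}         # token -> (answer, expiry); stands in for server-side session storage
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no look-alike characters


def leaky_image_url(answer):
    """The pattern the post describes: the answer itself rides in the image URL.
    The 'text' parameter name is hypothetical."""
    return "/captcha.png?" + urlencode({"text": answer})


def issue_captcha(now=None):
    """Create a challenge and return (image_url, token).
    Only an opaque random token reaches the page; the answer stays on the server."""
    now = time.time() if now is None else now
    answer = "".join(secrets.choice(ALPHABET) for _ in range(6))
    token = secrets.token_urlsafe(16)
    _store[token] = (answer, now + CAPTCHA_TTL)
    return "/captcha.png?" + urlencode({"id": token}), token


def render_text_for(token):
    """Text the image endpoint would draw for this token (server-side lookup only)."""
    entry = _store.get(token)
    return entry[0] if entry else None


def verify_captcha(token, submitted, now=None):
    """Single-use, expiring, constant-time comparison of the submitted answer."""
    now = time.time() if now is None else now
    entry = _store.pop(token, None)   # pop: one attempt per challenge, no replay
    if entry is None:
        return False
    answer, expiry = entry
    if now > expiry:
        return False
    return hmac.compare_digest(answer.encode(), submitted.strip().upper().encode())
```
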